aff62e370eafaa95a505e449ea7c91e01464e127d47e2ffb68d3d00fd028b5cb

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bd50bcf73d3c0b92c8c8857540556ad_JaffaCakes118.html
Size

33KB
MD5

6bd50bcf73d3c0b92c8c8857540556ad
SHA1

946ff8a1188dcdebfd90a1cca1eb96747c236434
SHA256

aff62e370eafaa95a505e449ea7c91e01464e127d47e2ffb68d3d00fd028b5cb
SHA512

819e8ae32fde90191a9dc5db6ad0a4fe62de8fd2ba79ccec448b3f39c3a8b8cf84258e51fda15ce184880f7ebf34e54ef58e77e2b50c97e8bc7dd063d6a890f1
SSDEEP

768:yREpiHal/bb6S8i6+QL8u4lue4TxDxcJXulEQcuqXp1PQfPkP28Gr+OVMW002e9C:yRol/bb6S8i6+QL8u4lue4TxDxcNulE/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6ACE2C61-1930-11EF-AD44-52AF0AAB4D51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000e8f3bbe447240ee1dfc2e606e5e59a13821612185787ddb29089fe0f26b9b0ef000000000e80000000020000200000001ae3bca020cba9d15ca69a595fe1edd4fa93f895cb365d02687bd2b02c65788d900000000695379508b049eba7330ff3b26d94cb648e3dcc3668e452d86fefda1df665e449e6cf30ebcaaf1cfa27b50266932b695f7c7d9f7baeadfee13f2c3e97fd02b37de5599d16f49883feda711dc7ffe8721ace68a75fdd071d2d50d27bc440a64d176d87c1b07db3a980c79b00a7778956f0b3d020388c9e645e16a514411ce8ca0d5b84c27da8bb32126c3f41dd17503640000000266e10e790910090a97ea76232791596e8ee6f69e0c02a13bf5c1bb435fe8104d859fcfb728a2de11ab622d4308800352aeb2287d54c79a05b1c6dd65b2058a5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000030bf94d883e3ef1b89612954720afa9262fba0ff8d4cb7751784dc73591cc62b000000000e8000000002000020000000a296b7e515fe3db37b8dea4052f553c398cd4e67534a9553606d61ee9dd8d9af200000006d9aa87d0809293a63ce8c4ceb5d6a6b5e3412fc96f517127e823470d6bb84ab40000000d98109fe3a36126511b4a1b31f83ce89f50482efffcc94ebb151eedd53538bb38753e6aa9859fe6ead2746771cc99c6542ab0ffce3295a63270dbefd6f617334	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422649988"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60dcad3f3dadda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1856 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1856 iexplore.exe
1856 iexplore.exe
2740 IEXPLORE.EXE
2740 IEXPLORE.EXE
2740 IEXPLORE.EXE
2740 IEXPLORE.EXE

pid	process
1856	iexplore.exe

pid	process
1856	iexplore.exe
1856	iexplore.exe
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1856 wrote to memory of 2740	1856	iexplore.exe	IEXPLORE.EXE
PID 1856 wrote to memory of 2740	1856	iexplore.exe	IEXPLORE.EXE
PID 1856 wrote to memory of 2740	1856	iexplore.exe	IEXPLORE.EXE
PID 1856 wrote to memory of 2740	1856	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6bd50bcf73d3c0b92c8c8857540556ad_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1856

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1856 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
15e48aa647008f8459d06d0029e97ca5

SHA1
d626587dc4a34b5e3063ba540ba6e73f16cffa1f

SHA256
454046780e325537e92e6f8edd8008de6f50d10c5139a070bb9be83c45d20c61

SHA512
0337e42f28d85aef3c41bb06565ef60357118a25aea39d8029cee772c59d4904bb5e035fb82a01523430cf9d41b55066ff7d4bd1d680b14fc58867b0b318cfe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9cd84629fe95ab3adb6f36aa374ab9ea

SHA1
1cecd09df32fc5d4d5a5d08c1e56a189c02fac18

SHA256
23c58d010a5054dec7eeb2395cac184962aaacef2b2278faac8ddc3fdd485b6c

SHA512
6f6d88b1fa5cd1804eeb1826ef2b7d9e8b23f1c260726092600e26843fc6bd83c37c25fcac02079603ec6c2857379a1f7ea4120b1715c5fd79c4fc1347ce468c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
bac6fab0f5d22fcf13bf0710a0eb131a

SHA1
67371644feca25e585915c9b9ea273bf5847c25b

SHA256
1eb2816c713d7dfff8e336d19af6db1d5f270736efefedb266ee4277a51174dd

SHA512
02a5f605049b1156eda2686b2fa6746afe2d77f06f7182c67aef0f4381cb9ccfc8f14cb97e69f38e321ec7e42a7ebe0bf5a95d89e54d833de7ae29331c84c9aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f80ebef03ef180556eccd94b6675f84f

SHA1
b98b537dc39353689216b1f02d96c48454f0cc4d

SHA256
7ef90fd5e1d2a163164847594ea185a86907a7072316d8679c2ce853f14b7e17

SHA512
257a76abbdc7235a1da0bc48041b9d90272c3dfc858cdc7c63e3926d4a0415a3f979f55a498ecf9e364d5390b21a5b2a659b59c635c4817f5922bcc3bdd5b74a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3a0c13b36507dc75f093419f4cf3d573

SHA1
a047c4a72fc20203267c00bf63039ccabe007d24

SHA256
6280dcb6295d1ddcfbe596613ff5313b8e5ec401a79698c83710ccff1975b315

SHA512
1447ccb78bbd5d2ba868bcda66dd5cf51b055170f8f4a031c46c2127c9dfa4769339c78720dfe1e512ae3b1098e880564f39ec5cc11632549da15c5a9c9622a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
894372826d0f34bb80329ecf841b34a8

SHA1
e0a9be6d0fda2f306d7110b2142332aa4730264d

SHA256
733a0e20813185fc86e81c45d3737729a12dcaa64ba8fc3e25d9fe85e8a8e00a

SHA512
f656dd71283b4bef9f9c0525e045df385381266a850741f69a16e4e8ba22125087a2ca8bde26e6afa94c7c19da2ecb1991663ce65b098a615c61746eeb415227

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
683eb9bdfb38cf36d4eeea1fb1afb654

SHA1
f7083cce5fb2f561a8df6067ba6ac577782c61ee

SHA256
00d81835619887e4fbcc2106808ff12456325d61e285f8683a89c98fb4dd578c

SHA512
278ed3d71b69edc449b05676120c5e50eb92ceb7dc1f66d9bd0c127a97ac86d3b7a28e37808fc19a8b3cc165148720f14e5efdd9c2a52c3c325580ffd0b86662

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8b782cb2fc57d51e04d3bc2fadcdc09f

SHA1
760e6400587b9511c4f416f19736181426bd1f06

SHA256
d1ebb0f3f01f5638db532cab627f54ea5abdc6e671f7e35f1b74d9e9a500d753

SHA512
00abe6b9a3a773004619d68817a67e5ec3e72e118d06abfde431f820b7ce98187d52c7519432ddd4ff377f4c0d5c20deb73292b69ec8b40cead073fcbcf109f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
797afd34885a312b5fcfc0b85ec4a40a

SHA1
f9fcaa2da8cee4b2686ce5b6d04b52cb7c58947b

SHA256
355d870f9b9f87a7545c77463e0ab8fd547575bb59643b4cbfb0d66ae3201e09

SHA512
03655a7e8705f983d644088f577ed0084b5da4a1423265bc9b8070ca9d40d8feae50a440fc5214993e1c7fee6fe8e612512fc9cc4e283a89afd552058cc4d26a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f966b420c6565e73ab64a7ceb1bd3514

SHA1
5aa560ec0d38faaf634b6f07e908fcfd8e24bcd4

SHA256
17b457e39975374403a6749a0c03a20d618d49bfb34b5be3a8fab31caa75875a

SHA512
bc44e2cbc86a50db7f20da7336814b23fe09fd561d3a51c0d8838493e20798d53cfd8b687aa95a9cd9248522a43c67b24d527ace5b0a668cd304719a609063d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cebdbffa9fe97720747b94c110197017

SHA1
7efdec2625270fa73a56a9d38d1130d1f7c3f486

SHA256
d3f38d6dd9e1a03fac481850afd5353d675eaf8584e3c5b109e7c77cd246c239

SHA512
544984a6a5d5b92be81cb99ad4f032bed0e82fabeab14bf5f607b71af9fc6ed78681b3ef6097d12260bf08a4d307da7eb575a56a3a60ce075b60e1e1f9e3f5b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f4a5e221804679e0faffe962137738b0

SHA1
2a082d3fda21a1bbb03601de81fffcf9d2afed8d

SHA256
c74491361168133aa14a4bfc03a3517f04138ee14c3fdd4ec342cf9e187d05a7

SHA512
23f716104546546c1bba90fb678e4b1cce066b5e70ec28c3f1211e48768c5cd947d2d66b8a7619e671067cdf44028a19f0ce05cdd182878d343d0926bfe5be88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
21cfe24b3b6063b69f3845029ecb3773

SHA1
c49201d5dd3674cc8e6ca5dbf5e522a30a05d7eb

SHA256
30085c2716f1011f4776ca6911e5650d7eb7a443bd348bf091719d20233c8349

SHA512
ccef34ae3a121a390776fa1629edb6c03d0d0d8e6a6a911d1abb02f558940db1ea2ba89d50a092210e4815dea019130cc8bcea916df6bfe35da307e9457ef380

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fb17fba66b3a575f57122cd2de653403

SHA1
6412d5d5e53e999baf77b7638fbd0a8a229b6cee

SHA256
45ec926beab74f5ba2550e6e8807b75ce2f70154cecf6b32ccd456976a7172f7

SHA512
f1bdb6cc550a46bca754c59162ea78e50f8b5a34cf04d19832327e665465d3d1c62d60cf47d05af921cdcf417feb0af5e20fbad2a4b5b156b50032153cc17ac6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ae27bb2af0c4f0d05403459be1a0f3b2

SHA1
02efe07e4f14b97af0505888fb0b9b7639f53379

SHA256
aa740c7c125d52766e338e5fda9a75e71ecec0a7fd6ffc9ff0e3aa436e833396

SHA512
7780ce09c262348db13fe95707d85196e1ee38209051b71b2df5237eb3a6be41687999ab1b782e6e7774863d4fc89d0c8e0ece67bd5e27b17e3607474ae25815

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d00ea20aa60a51a02e095886e11d10a1

SHA1
a227c5dc69818750aaa00c89fc6a0c3deff2ee72

SHA256
df07528ecefcfc5577f6d28093d0c0f061eabba7bac1c5012bee1e1efa70e0a9

SHA512
01bca5113d49c59db2d1b6761836953798c464c26434c5a2fbe399f5066d8027f4b7d2d0b5a363e05c8a042f56ab1c76263f0500b24c69144a7c103ec7507af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3F24.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3F76.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit